FIPS Standard
Documentation shall specify:
• the self-tests performed by a cryptographic module, including power-up and conditional tests,
• the error states that a cryptographic module can enter when a self-test fails, and
• the conditions and actions necessary to exit the error states and resume normal operation of a
cryptographic module (i.e., this may include maintenance of the module, or returning the module
to the vendor for servicing.)
4.9.1 Power-Up Tests
Power-up tests shall be performed by a cryptographic module when the module is powered up (after being
powered off, reset, rebooted, etc.). The power-up tests shall be initiated automatically and shall not require
operator intervention. When the power-up tests are completed, the results (i.e., indications of success or
failure) shall be output via the “status output” interface. All data output via the data output interface shall
be inhibited when the power-up tests are performed.
In addition to performing the power-up tests when powered up, a cryptographic module shall permit
operators to initiate the tests on demand for periodic testing of the module. Resetting, rebooting, and power
cycling are acceptable means for the on-demand initiation of power-up tests.
A cryptographic module shall perform the following power-up tests: cryptographic algorithm test,
software/firmware integrity test, and critical functions test.
Cryptographic algorithm test. A cryptographic algorithm test using a known answer shall be conducted for
all cryptographic functions (e.g., encryption, decryption, authentication, and random number generation) of
each Approved cryptographic algorithm implemented by a cryptographic module. A known-answer test
involves operating the cryptographic algorithm on data for which the correct output is already known and
comparing the calculated output with the previously generated output (the known answer). If the calculated
output does not equal the known answer, the known-answer test shall fail.
Cryptographic algorithms whose outputs vary for a given set of inputs (e.g., the Digital Signature
Algorithm) shall be tested using a known-answer test or shall be tested using a pair-wise consistency test
(specified below). Message digest algorithms shall have an independent known-answer test or the
known-answer test shall be included with the associated cryptographic algorithm test (e.g., the Digital
Signature Standard).
If a cryptographic module includes two independent implementations of the same cryptographic algorithm,
then:
• the known-answer test may be omitted,
• the outputs of two implementations shall be continuously compared, and
• if the outputs of two implementations are not equal, the cryptographic algorithm test shall fail.
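The power-up known-answer test, status output and error-state behaviour described above, as an added Python example that is not part of the standard or of any validated module. ToyModule, its state names and stuck_bit_sha256 are hypothetical; the vectors are the published SHA-256 digest of "abc" and HMAC-SHA-256 test case 2 from RFC 4231.

```python
import hashlib
import hmac

# Published vectors: SHA-256("abc") and RFC 4231 HMAC-SHA-256 test case 2.
SHA256_KAT = (b"abc",
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")
HMAC_KAT = (b"Jefe", b"what do ya want for nothing?",
    "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843")


class ToyModule:
    """Hypothetical module wrapper; names are illustrative assumptions."""

    def __init__(self, sha256=None, hmac_sha256=None):
        # Implementations are injectable so a faulty one can be simulated.
        self._sha256 = sha256 or (lambda m: hashlib.sha256(m).digest())
        self._hmac = hmac_sha256 or (
            lambda k, m: hmac.new(k, m, hashlib.sha256).digest())
        # Tests start automatically at power-up, with no operator action.
        self.status = self.power_up_tests()

    def power_up_tests(self):
        """Run every KAT and return per-algorithm results (status output).

        Calling this again models on-demand initiation of the tests.
        """
        self.state = "POWER_UP"  # data output is inhibited while testing
        msg, want = SHA256_KAT
        key, data, want_mac = HMAC_KAT
        results = {
            "SHA-256": self._sha256(msg) == bytes.fromhex(want),
            "HMAC-SHA-256": self._hmac(key, data) == bytes.fromhex(want_mac),
        }
        # Any mismatch with a known answer puts the module in an error state.
        self.state = "OPERATIONAL" if all(results.values()) else "ERROR"
        return results

    def digest(self, message):
        """Data output service: refused unless the self-tests passed."""
        if self.state != "OPERATIONAL":
            raise RuntimeError("data output inhibited: state " + self.state)
        return self._sha256(message)


def stuck_bit_sha256(message):
    """Simulated fault: correct digest with the low bit of byte 0 flipped."""
    good = hashlib.sha256(message).digest()
    return bytes([good[0] ^ 0x01]) + good[1:]
```

Constructing ToyModule(sha256=stuck_bit_sha256) shows the failure path: the SHA-256 test reports failure, the module stays in the error state, and digest() raises instead of returning data.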
Software/firmware integrity test. A software/firmware integrity test using an error detection code (EDC) or
Approved authentication technique (e.g., an Approved message authentication code or digital signature
algorithm) shall be applied to all validated software and firmware components within a cryptographic
module when the module is powered up. The software/firmware integrity test is not required for any
software and firmware components excluded from the security requirements of this standard (refer to